torrust-index icon indicating copy to clipboard operation
torrust-index copied to clipboard

Published 20 hours ago verified publisher icon torrust

Simplify the setup for dev env

Open josecelano opened this issue 10 months ago • 2 comments

Relates to: https://github.com/torrust/torrust-index-gui/issues/527

To set up a dev environment, you need to run the Index with:

TORRUST_INDEX_API_CORS_PERMISSIVE=true cargo run

That includes these two headers in the response:

access-control-expose-headers: *
access-control-allow-origin: *

That allows the browser to request a different port. See https://github.com/torrust/torrust-index-gui/issues/527 for a full explanation.

Maybe we could enable this automatically when the host is localhost or 127.0.0.1 to make the setup easier.

josecelano avatar Apr 18 '24 12:04 josecelano

Hi @josecelano.

Maybe we could enable this automatically when the host is localhost or 127.0.0.1 to make the setup easier.

Which is the host you mention here? If we only allow CORS in localhost environment, should the Access-Control-Allow-Origin header be set to localhost instead of *?.

hungfnt avatar May 11 '24 03:05 hungfnt

Hi @josecelano.

Maybe we could enable this automatically when the host is localhost or 127.0.0.1 to make the setup easier.

Which is the host you mention here? If we only allow CORS in localhost environment, should the Access-Control-Allow-Origin header be set to localhost instead of *?.

Hi @ngthhu, I wanted to include the * when the host is the localhost. Basically the application should detect that is running on localhost and include the same headers we include when the use the env var TORRUST_INDEX_API_CORS_PERMISSIVE.

This is the function to get the HOST:

/// It returns the base API URL without the port. For example: `http://localhost`.
fn api_base_url(host: &str) -> String {
    // HTTPS is not supported yet.
    // See https://github.com/torrust/torrust-index/issues/131
    format!("http://{host}")
}

The application gets the host from the configuration if it's available; otherwise, it gets it from the request header.

[net]
port = 3001
base_url = "http://localhost" # This is optional in the config file

I guess we should do something like this:

Access-Control-Expose-Headers: *
Access-Control-Allow-Origin: *

When the host is http://localhost or http://127.0.0.1.

Or we could be more restrictive (maybe this is your question):

Access-Control-Expose-Headers: *
Access-Control-Allow-Origin: http://localhost:3001

When the host is http://localhost or

Access-Control-Expose-Headers: *
Access-Control-Allow-Origin: http://127.0.0.1:3001

When the host is http://127.0.0.1

Because it seems this is not possible:

Access-Control-Expose-Headers: *
Access-Control-Allow-Origin: http://localhost:*

But I don't see any problem with the first option.

josecelano avatar May 13 '24 08:05 josecelano

I'm closing this because the Index could be behind a reverse proxy so it might not be easy to detect if we are running in a development environment. I will open it if I can figure out a good way to detect it without being explicit which is what we are doing now.

josecelano avatar May 29 '24 16:05 josecelano